mirrors/logiops
1
0
Fork 0
mirror of https://github.com/PixlOne/logiops.git synced 2025-09-14 13:56:50 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Compare commits

base: mirrors:v0.3.4
Branches Tags
mirrors:main
mirrors:fix-cve-2024-45752
mirrors:v0.3.5
mirrors:v0.3.4
mirrors:v0.3.3
mirrors:v0.3.2
mirrors:v0.3.1
mirrors:v0.3.0
mirrors:v0.2.4
mirrors:v0.2.3
mirrors:v0.2.2
mirrors:v0.2.1
mirrors:v0.2
mirrors:v0.1
...
compare: mirrors:main
Branches Tags
mirrors:main
mirrors:fix-cve-2024-45752
mirrors:v0.3.5
mirrors:v0.3.4
mirrors:v0.3.3
mirrors:v0.3.2
mirrors:v0.3.1
mirrors:v0.3.0
mirrors:v0.2.4
mirrors:v0.2.3
mirrors:v0.2.2
mirrors:v0.2.1
mirrors:v0.2
mirrors:v0.1

2 Commits
v0.3.4 ... main

Author SHA1 Message Date
pixl
628ab937a2
Merge pull request #476 from PixlOne/fix-cve-2024-45752 
Fix CVE-2024-45752
 2024-09-27 20:46:28 -04:00
pixl
9495516e0c
Fix CVE-2024-45752 
Prevents arbitrary users from accessing d-bus interface. Fixes #473.
This change now requires any application using the LogiOps D-Bus
interface to run as root.
 2024-09-27 20:43:01 -04:00
1 changed files with 4 additions and 3 deletions
Show Stats Expand all files Collapse all files

7
src/logid/logiops-dbus.conf.in
View File

@ -3,11 +3,12 @@
"http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
<policy user="root">
<allow own="pizza.pixl.LogiOps"/>
<policy context="default">
<deny receive_sender="pizza.pixl.LogiOps"/>
</policy>
<policy context="default">
<policy user="root">
<allow own="pizza.pixl.LogiOps"/>
<allow send_destination="pizza.pixl.LogiOps"/>
<allow receive_sender="pizza.pixl.LogiOps"/>
</policy>